diff --git a/.wordlist.txt b/.wordlist.txt
index 0d971fc3ff..897b3e544b 100644
--- a/.wordlist.txt
+++ b/.wordlist.txt
@@ -104,6 +104,7 @@ macos
 md
 microservices
 modbus
+Mosquitto
 MQTT
 mydomain
 namespace
diff --git a/docs/specs/mqtt_client.md b/docs/specs/mqtt_client.md
index a46b664d85..2af21c7997 100644
--- a/docs/specs/mqtt_client.md
+++ b/docs/specs/mqtt_client.md
@@ -6,4 +6,8 @@
 
 The client should implement exponential backoff in the event of a loss of connection to the broker
 up to a maximum interval period of 120 seconds between connection attempts, and then should continue
-connection attempts indefinitely.
\ No newline at end of file
+connection attempts indefinitely.
+
+## Authentication
+
+When using client certificates for authentication (which is the current typical configuration), password-based authentication is not used. In these cases, the `username` may still be passed as `/r/<registry_id>/d/<device_id>` depending on the backend, but the MQTT broker (e.g., Mosquitto) does not validate passwords.